Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8181 |
|
Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-44194 |
|
OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-45053 |
|
Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-0257 KEV |
|
[KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-8495 |
|
Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
|
| CVE-2026-41225 |
|
Vulnerability in f5 (CVE-2026-41225)
vulnerability in f5 (CVE-2026-41225). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44547 |
|
Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
|
| CVE-2026-41901 |
|
Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
|
| CVE-2026-44262 |
|
Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
|
| CVE-2026-45185 |
|
Use-After-Free in exim (CVE-2026-45185)
vulnerability in exim (CVE-2026-45185). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34660 |
|
Authorization Flaw in adobe (CVE-2026-34660)
vulnerability in adobe (CVE-2026-34660). Confidential information can be exposed externally.
|
| CVE-2026-34659 |
|
Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44277 |
|
Vulnerability in fortinet (CVE-2026-44277)
vulnerability in fortinet (CVE-2026-44277). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42833 |
|
Vulnerability in microsoft (CVE-2026-42833)
vulnerability in microsoft (CVE-2026-42833). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42898 |
|
Code Injection in microsoft (CVE-2026-42898)
code injection in microsoft (CVE-2026-42898). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42823 |
|
Vulnerability in microsoft (CVE-2026-42823)
vulnerability in microsoft (CVE-2026-42823). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41103 |
|
Vulnerability in microsoft (CVE-2026-41103)
vulnerability in microsoft (CVE-2026-41103). Confidential information can be exposed externally.
|
| CVE-2026-41089 |
|
Vulnerability in microsoft (CVE-2026-41089)
vulnerability in microsoft (CVE-2026-41089). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41096 |
|
Vulnerability in microsoft (CVE-2026-41096)
vulnerability in microsoft (CVE-2026-41096). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40402 |
|
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-40379 |
|
Information Disclosure in microsoft (CVE-2026-40379)
vulnerability in microsoft (CVE-2026-40379). Confidential information can be exposed externally.
|
| CVE-2026-33117 |
|
Authentication Bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117)
authentication bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117). Confidential information can be exposed externally. Mitigation: upgrade to `4.10.6` or later.
|
| CVE-2026-26083 |
|
Vulnerability in fortinet (CVE-2026-26083)
vulnerability in fortinet (CVE-2026-26083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29204 |
|
Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
|
| CVE-2026-42048 |
|
Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-43515 |
|
Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41293 |
|
Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-8401 |
|
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
|
| CVE-2026-8043 |
|
Vulnerability in ivanti (CVE-2026-8043)
vulnerability in ivanti (CVE-2026-8043). Confidential information can be exposed externally.
|
| CVE-2026-45091 |
|
Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
|
| CVE-2025-40949 |
|
OS Command Injection in siemens (CVE-2025-40949)
OS command injection in siemens (CVE-2025-40949). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22924 |
|
Vulnerability in siemens (CVE-2026-22924)
vulnerability in siemens (CVE-2026-22924). Data can be tampered with by attackers.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-40636 |
|
Vulnerability in dell (CVE-2026-40636)
vulnerability in dell (CVE-2026-40636). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47940 |
|
Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47936 |
|
Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47933 |
|
Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47932 |
|
Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6104 |
|
Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-7261 |
|
Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2025-14179 |
|
SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-42569 |
|
Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
|
| CVE-2026-20160 |
|
Vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160)
vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20147 |
|
Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20180 |
|
Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6074 |
|
Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|